Subject: CVS commit: pkgsrc/security
To: None <pkgsrc-changes@netbsd.org>
From: Thorsten Frueauf <frueauf@netbsd.org>
List: pkgsrc-changes
Date: 05/10/2002 16:18:47
Module Name:	pkgsrc
Committed By:	frueauf
Date:		Fri May 10 13:18:47 UTC 2002

Modified Files:
	pkgsrc/security/libnasl: PLIST distinfo
	pkgsrc/security/nessus: Makefile.common
	pkgsrc/security/nessus-core: MESSAGE PLIST distinfo
	pkgsrc/security/nessus-core/patches: patch-aa
	pkgsrc/security/nessus-libraries: DESCR Makefile PLIST distinfo
	pkgsrc/security/nessus-libraries/patches: patch-aa patch-ac
	pkgsrc/security/nessus-plugins: PLIST distinfo
Added Files:
	pkgsrc/security/libnasl/patches: patch-aa
Removed Files:
	pkgsrc/security/nessus-libraries/patches: patch-ab patch-ad patch-ae

Log Message:
Update libnasl, nessus{-core,-libraries,-plugins} to 1.2.0.

1.1.15/1.2.0 :

. changes by Nicolas Dubee (ndubee@secway.com) :
- Better support for AF_UNIX sockets

. changes by Brian (bmc@snort.org) :
- CVE references
- several bugfixes in the plugins

. changes by Peter Gründl (pgrundl@kpmg.dk) and
  Carsten Joergensen (carstenjoergensen@kpmg.dk) :
- Extensive review of the plugins and therefore numerous fixes

. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- FD leak in save_kb.c fixed

. changes by Renaud Deraison (deraison at nessus.org)
- It is now possible to upload files to the server when using
  the command line client
- lrand48() portability problems worked around
- fixed a bug in the report window that would make it crash
  randomly

1.1.14 :

. changes by Renaud Deraison (deraison at nessus.org)
- SMB fixes (thanks to Michael Scheidell)
- When the safe checks option is enabled, dangerous tests with no
  alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and
  ACT_DENIAL) are disabled
- Hosts can be designated by their MAC address of instead of their
  IP address (mostly useful for DHCP networks)
- Fixed a bug in the report generation which would replace newlines (\n)
  by semi-columns (;)
- Fixed a bug in the export of some types of reports, where open ports
  with no data associated would not be saved
- Integrated THC's Hydra as a Nessus plugin
- Added new NT security checks (related to user management)
- Plugins of type ACT_SETTINGS can not be disabled
- Fixed a bug which would make nessusd hang when a scanner was reporting
  too many open ports (as when a UDP scan reports all UDP ports as
  being open)

. changes by Dion Stempfley (dion at riptech.com)
- The client can now filter on category

. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- Fixed some plugins causing error messages in some circumstances
  (dns_xfer.nasl, snmp_processes.nasl...)
- Stylish changes to prevent gcc -Wall from whining in some files
- XML NG output is now XML compliant
- Bug fixes

. changes by Jenni Scott (jenni.scott@guardent.com) and
  Michael Slifcak (michael.slifcak@guardent.com) :
- Improved the reporting of the plugins (better consistency, better
  wording)

1.1.13 :

. changes by Michel Arboi (arboi at algoriel.fr)
- New family ACT_SETTINGS dedicated to plugins which just let the user
  enter some preferences
- Optional NIDS evasion techniques (url encoding, tcp slicing)

. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug in the command line client which would make it ignore
  some preferences
- SMB checks can now log into a Windows domain
- NIDS evasion techniques (data injection, short ttl)
- Fixed a bug which would randomly stall the scan

1.1.12 :

. changes by Renaud Deraison (deraison at nessus.org)
- Workarounds on FreeBSD to prevent a kernel panic
  (thanks to Michael Scheidell and Stefan Esser)
- nessus can export reports as other file formats again

1.1.11 :

. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug regarding the saving of reports from the GUI
- Improved the backend in many ways (speed-wise, content-wise)
- Changes in the protocol
- More messages are sent between the server and the client (timestamps,
  plugins version, ...)
- New .nbe file format, which looks like .nsr but has more information
  in it
- Plugins now have versions numbers.
- The user can upload his plugins to the nessusd server from the client
- It is now possible to upload files to the server (ie: nmap's results) in
  command-line mode
- Fixed false positives in SNMP plugins when launched against a non-configured
  Solaris snmpd

. changes by Guillaume Valadon (guillaume at valadon.net)
- New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])

1.1.10 :

. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from
  aborting an on-going test
- Fixed a bug in the client which would prevent the user from setting a port
  range longer than 255 chars
- Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next()   is now more flexible.
- Fixed a bug in the command line client which would make it close the
  communication too early when the client - server communication is not
  ciphered
- Added an "auto-load dependencies at runtime" option

1.1.9 :

. changes by Renaud Deraison (deraison at nessus.org)
- Fix in the GUI, when closing a saved report
- Fixed a bug in ftp_log_in() which would prevent nasl script from
  logging into some FTP servers
- Solaris build problems fixed
- Darwin 1.4.1 build problems fixed
- MkLinux DR3 build problems fixed  (is anyone using it anymore ?)
- GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
- Fixed the "wrong call to getopt" problem which would make Nessus
  segfault when built with cygwin, and which would prevent options
  from working under Solaris & FreeBSD (thanks to Udo Schweigert)
- SMB checks speedup (thanks to Georges Dagousset's suggestion)
- Fixed a bug in the client - server communication that would make the
  server close the communication when the client is idle
- Better support for AF_UNIX socket for client-server communication
  (compile nessus-core with ./configure --enable-unix-socket)
- Plugins are disabled by default in batch mode

. changes by Michel Arboi (arboi at algoriel.fr)
- Client now properly checks the certificate of the server

. changes by Benoit Brodard (bbrodard at arkoon.net)
- fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)

1.1.8 :

. changes by Renaud Deraison (deraison at nessus.org)
- Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
- Added some length checks for SMB checks
- No more zombies
- Fixed accounts.nes
- Fixed the reporting of the client (reports would be mixed)
- Client removes tempfiles when exiting
- Repaired ptyexecvp() which would not work on Solaris
- Slight bugfix in the NASL interpretor

. changes by Georges Dagousset (georges at alert4web.com)
- More optimizations
- Properly reloads KBs with the same value defined more than once
- Fixes in some plugins dependencies

. changes by Michael Slifcak <Michael.Slifcak at guardent.com>
- More nmap options
- Quiet mode in nessus-adduser

1.1.7 :

. changes by Renaud Deraison (deraison at nessus.org)
- Compiles on platforms without OpenSSL
- Better Solaris support
- Ported under Darwin (many thanks to Dieter Fiebelkorn
  (dieter at fiebelkorn.net) who actually started the port and helped
  me test this)
- Unscanned ports can now be considered as closed or open (instead of
  just open), at user choice
- Upgraded to libtool 1.4.2
- fixed a bug in the client which would make it display the wrong report
  when doing multiple scans
- enhanced the plugins filter (that appear when pressing 'l' in the GUI)
- fixed a serious problem in the SMB plugins which would prevent them to work
  against Samba and which would make them slow against Windows (pointed out
  by Georges Dagousset)

. changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)
- Ported under Cygwin

. changes by Michel Arboi (arboi at algoriel.fr)
- Added nessus-mkrand for hosts with no /dev/random AND no EGD
  running

1.1.6 :

. changes by Renaud Deraison (deraison at nessus.org)
- EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket
  in nessus-libraries)
- KB items are now stored with individual dates instead of a global
  date for the whole KB file. Yes, this means you have to delete your
  old KB files
- When an host could not be pinged, his KB is not altered (nor created)
- fixed memory leaks in nessusd
- nessus-mkcert checks that the certificates were really created
  before congratulating the user
- fixed a security problem where anybody with a shell on the nessusd
  host could log in

1.1.5 :

. changes by Georges Dagousset (georges.dagousset at alert4web.com) :
- new KB entries for further "optimizations"
- improved find_services.nes

. changes by Renaud Deraison (deraison at nessus.org) :
- cleaned up the KB
- added doc/kb_entries.txt
- bugfix in find_services regarding the pem password
- new reporting GUI
- fixed a problem which would leave some plugin run against a host
  considered as dead
- the KB are now stored with properly escaped \n and \r chars
- greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)

. changes by Michel Arboi (arboi at algoriel.fr) :
- replaced PEKS by OpenSSL in the client/server communication

. changes by H D Moore (hdm@secureaustin.com)
- fixed no404.nasl

1.1.4 :

. changes by Renaud Deraison (deraison at nessus.org) :
- fixed find_services.nes
- plugins that are slow to finish are _really_ killed by the server
- the client better handles the scan of big networks
- nmap_wrapper now updates its progress bar
- nessus-update-plugins support proxies (with or without authentication)
- monitor_backend.c and data_mining.c allow any developer to plug
  a database behind the client (by default flatfiles are used)
- bug fixed in nmap_wrapper which would make it kill its parent
  process randomly
- minor fix in the tcp_ping() function of NASL (ack would be set
  to non-zero for a syn packet)
- fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes

. changes by Michel Arboi (arboi at noos.fr) :
- find_services accepts password-protected .pem files
- patches in the way files were transmitted between the client
  and the server (which could end up in a deadlock)

. changes by Alexis de Bernis <alexisb at tpfh.org) :
- fixed ftp_write_dirs.nes

1.1.3 :

. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'torturecgis.nasl' which supplies bogus args to
  the remote CGIs, in order to find the most blantantly broken
  ones
- webmirror.nasl now retrieves the list of arguments of each
  CGI.
- added filter support in the client. Use the key 'l' to filter
  out plugins you don't want to see.
- added the 'safe checks' option which allow the user to not disturb
  the network (but which weakens the Nessus tests)
- disabled backward support for port 3001 - the official port
  is 1241 now.

1.1.2 :

. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'webmirror.nasl', which extracts the list of
  CGIs used by a remote web server (and will do much more).
- fixed a problem in NASL due to the SSL patch that would cause
  a fd leak with some plugins.
- added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins
  that may harm the remote host.
- SSL certificates & key can be imported
- corrected a bug introduced in 1.1.0 that would make the client not display
  the name of the plugin currently being run.
- sending signal SIGUSR1 to nessusd makes the grandfather process (the one
  who listens on tcp ports) die without killing its children, thus
  allowing a smooth upgrade of nessusd
- updated config.guess and config.sub

1.1.1 :

. changes by Renaud Deraison (deraison at nessus.org) :
- fixed mem leaks in NASL
- fixed a bug introduced in 1.1.0 regarding recv_line()
- fixed a bug introduced in 1.1.0 in the process management of the plugins
  (all the KB would not be filled, resulting in incomplete tests)
- smb_sid2user.nasl is twice as fast ;)

1.1.0 :

. changes by Devin Kowatch (devink at SDSC.EDU) :
- fixed communication problem between client and server
- user-defined timing policy in nmap
- nessus-update-plugins uses wget (or any user-supplied command at
  compilation time) if available.

. changes by Michel Arboi (arboi at bigfoot.com) :
- support for the -T option of nmap
- SSL support

. changes by Zorgon (zorgon at antionline.org) :
- support for the --os_guess option of nmap

. changes by Renaud Deraison (deraison at nessus.org) :
- the user can upload files to plugins through the client (ie: it is possible
  to upload nmap's results directly to the nmap plugin)
- tests can be run in parallel now
- each user is now granted a home by nessus-adduser
- added nessus-rmuser
- per users plugins

Of course several new plugins were added as well.


To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/security/libnasl/PLIST
cvs rdiff -r1.5 -r1.6 pkgsrc/security/libnasl/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/libnasl/patches/patch-aa
cvs rdiff -r1.12 -r1.13 pkgsrc/security/nessus/Makefile.common
cvs rdiff -r1.1 -r1.2 pkgsrc/security/nessus-core/MESSAGE
cvs rdiff -r1.3 -r1.4 pkgsrc/security/nessus-core/PLIST
cvs rdiff -r1.5 -r1.6 pkgsrc/security/nessus-core/distinfo
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/nessus-core/patches/patch-aa
cvs rdiff -r1.1 -r1.2 pkgsrc/security/nessus-libraries/DESCR
cvs rdiff -r1.4 -r1.5 pkgsrc/security/nessus-libraries/Makefile
cvs rdiff -r1.2 -r1.3 pkgsrc/security/nessus-libraries/PLIST
cvs rdiff -r1.7 -r1.8 pkgsrc/security/nessus-libraries/distinfo
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/nessus-libraries/patches/patch-aa
cvs rdiff -r1.2 -r0 pkgsrc/security/nessus-libraries/patches/patch-ab
cvs rdiff -r1.2 -r1.3 pkgsrc/security/nessus-libraries/patches/patch-ac
cvs rdiff -r1.1 -r0 pkgsrc/security/nessus-libraries/patches/patch-ad \
    pkgsrc/security/nessus-libraries/patches/patch-ae
cvs rdiff -r1.2 -r1.3 pkgsrc/security/nessus-plugins/PLIST
cvs rdiff -r1.5 -r1.6 pkgsrc/security/nessus-plugins/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.